我又遇到了另一个障碍。我有一个非管理员 IIS 身份帐户,我想授予该帐户启动、停止、重新启动和读取一个 Windows 服务状态的权限。我按照此处发布的解决方案操作。但是,我想通过 PowerShell 实现自动化,因为我有太多服务器。我能够获取非管理员帐户的 SID,并获取命令的输出并将其保存在变量下。我将其转换为字符串,但无法应用任何函数,例如、、StartsWith等。这是我的代码:splitinsert
#Getting the SID for non-admin ISS identity account
$objUser = New-Object System.Security.Principal.NTAccount("non-admin")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$sid = $strSID.Value
#output retuned = S-1-5-21-2103278432-2794320136-1883075150-1000
#Storing the output of cmd prompt
$cmd = cmd.exe /c "sc sdshow <Service_Name>"
$test = $cmd | Out-String
#output returned = D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
#Storing the value that needs to be inserted in $CMD
$str = "(A;;RPWPCR;;;$sid)"
我想在 $test 中的“S:”之前插入 $str,但一直没有成功。我想通过 PowerShell 而不是 SubInAcl 来实现这一点。任何帮助都将不胜感激。最终代码应如下所示:
sc sdset <SERVICE_NAME> "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)($str)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
答案1
假设您的$test变量包含D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD),您可以执行以下操作:
$sid = "S-1-5-21-2103278432-2794320136-1883075150-1000"
$test = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
$str = "(A;;RPWPCR;;;$sid)"
$newstring = $test -replace "S:","$($str)S:"
$newstring
返回:
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RPWPCR;;;S-1-5-21-2103278432-2794320136-1883075150-1000)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)